Rackspace DNS recovers after DDoS brings system down

Managed cloud service provider Rackspace has recovered from a DDoS attack that crippled the company's DNS servers for 11 hours earlier this week.

The DNS (Domain Name System) connectivity issues began Monday, according to a Google Plus post from Rackspace on Monday.

"We are monitoring a connectivity issue impacting our DNS environment that began at approximately 01:10 CST December 22nd," the post says. "Our engineers have taken steps to mitigate impact from this issue, however some of our customers may continue to experience intermittent periods of latency, packet loss, or connectivity failures when attempting to reach rackspace.com or subdomains within rackspace.com."

A separate post from Monday said Rackspace engineers discovered that a DDoS (distributed denial-of-service) attack was targeting DNS servers in three of its U.S. data centers on Sunday.

"On December 21st, at approximately 23:54 CST, backbone engineers identified a UDP DDoS attack targeting the DNS servers in our IAD, ORD, and LON data centers. As a result of this issue, authoritative DNS resolution for any new request to the DNS servers began to fail in the affected data centers," the post said.

To protect and stabilize the infrastructure, Rackspace placed the impacted servers "behind mitigation services," a method that caused some legitimate traffic to its DNS servers to be blocked.

On Monday afternoon the DNS infrastructure was fully functional and the traffic issues had been resolved, Rackspace said in another Google Plus post.

"After blocking the majority of the inbound DDoS attack earlier in the morning some DNS servers that were sending both legitimate and DDoS traffic to Rackspace were blacklisted. Further investigation and alteration of our mitigation profiles resolved the last remaining issues at 12:15CST," Rackspace said.

Customers who commented on the posts had mixed reactions to Rackspace's customer service during the outage. Many were miffed for not receiving more detailed and frequent updates.

"Rackspace, you've identified an issue about 10 hours ago now. Our customers don't care what the problem is and telling them 'Rackspace is working on it' is not an easy conversation to have as it give absolutely no useful information," wrote a customer named Joe Baker.

Others customer posts implied that Rackspace customer service agents weren't aware of the problem for a period of time and that the company was slow to update the status page to reflect that service was down.

"Rackspace, please keep posting updates as often as possible. This is the only place we can learn what's going on. My company has no email as DNS servers aren't working. We're freaking out," said Ken Glass, who works for Phoenix Realty in Boston.

Other customers were more understanding.

"I know it can be frustrating right now but I have been with Rackspace for years and they will get the issue fixed as fast as possible," said Loren Dorez.

Rackspace said it was investigating the crash and would provide more information when its analysis was complete.

Copyright 2017 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.